Passcode

A bug has been found in iOS 7 that allows a an attacker with physical control over a lost or stolen iPhone to get around Activation Lock and gain access to the device. Unfortunately, the method for circumventing Activation Lock has been made public. However, the bypass process requires the attacker have access to an unlocked device, and be able to access the device after a reboot, so it can be thwarted by simply having a Passcode enabled (either by itself or as part of Touch ID).

Security is at constant war with convenience. The stronger the passwords we use to keep our data safe, the more steps we take to lock down what we own, the less accessible our data and our devices become -- even to us. Balancing it all can be tough, and a lot depends on what the platforms and services we use do to help us. And nowhere is this more evident than mobile.

Multitouch keyboards, in large part, rely on things like like character pair prediction and auto-correct to make entry acceptable. Neither of those things are possible with passwords, and strong passwords require far higher than normal frequencies of shifting between upper and lower case, and between letters and numbers and symbols. It's the worst possible experience.

Apple recently released iOS 6.1.3 which included a fix for the passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone. One day after the update, however, Matthew Panzarino of The Next Web is reporting that a new bypass bug has been discovered, this time by videosdebarraquito.

A couple of weeks ago a bug was discovered in the iOS 6 lock screen that allowed a person to access the Phone app, make phone calls, and get at a user’s contacts, without entering a passcode. Now a new, similar bug has been found, but it is being reported that this one will actually allow you to read from and write to the device, with unauthorized access to the filesystem. However, this does not appear to actually be the case.

Apple has release a statement concerning the iOS 6.1 bug that, through a complex series of button pushes and taps, will allow someone with physical access to an iPhone to bypass the passcode lock and get at the private content inside.

Once again a way has been found to bypass the iPhone's Lock screen passcode, this time for iOS 6.x, and involving a complex series of button pushes and screen taps to basically put the system into apoplexy. This particular Konami code of doom was reported by Adrian D'Urso of Jailbreak Nation:

Less than a month ago, a story broke about Apple buying AuthenTec, purveyors of mobile, digital security solutions including fingerprint authentication. While some Apple purchases, like Siri and Intrisity seem to suggest obvious uses, AuthenTec's portfolio and Apple's lack of any branded security beyond FairPlay DRM made intuiting this one a little less obvious. So what could it be?

Take security seriously and interested in how to enable data protection on your iPhone, iPod touch, and iPad? The good news is that if you use a passcode, iOS 4 data protections protects the hardware encryption keys on your device, making email, attachments, and 3rd party apps (if they enable it) much more secure. The bad news is, if you updated your iPhone 3GS, iPod touch 3, or original iPad from iOS 3 to iOS 4, data protection might not have been turned on even with the passcode. Not to worry, we'll walk you through all the possibilities, after the break!

The shinobi-smart folks over at 9to5mac have posted a way for iPhone and iPod touch users to switch away from the retro 4 number pin passcodes that Apple implements, and into a secure alpha-numeric key: